Annual Report 2024

Jenkins X

• The group of maintainers/Technology Oversight Committee have been strengthened with 3 new members
• Tom Hobson was voted Most Valuable Contributor of the Year 
• Performance for large git repositories is improved by leveraging partial cloning, shallow cloning and sparse checkout
• Command line completion for jx—including its plugins—is implemented
• Work has started to integrate Tekton dashboard in Jenkins X

Ortelius

The Ortelius community has made significant strides in both developer engagement and product innovation. Key achievements include:

• OpenSSF Scorecard Dashboard: The team successfully developed a dashboard for the OpenSSF Scorecard, providing compliance scores at three critical levels:
  • Open-source package level: Evaluate the compliance of individual open-source packages.
  • Component level: Assess artifacts that consume these packages.
  • Logical application level: Analyzes the full collection of components within a complete software solution.
• OSV.dev Integration: Ortelius now integrates with OSV.dev to enable real-time vulnerability detection using the components’ SBOM (Software Bill of Materials).
• SupplyChainCon: The Ortelius Outreach Committee hosted the inaugural SupplyChainCon, a virtual event focused on sharing DevSecOps tools and strategies with committers.

Additionally, Sacha Wharton has earned the prestigious Gold Legend status. To receive the Ortelius Gold Legend Award, recipients must meet specific goals in both outreach and development efforts. As the Senior Platform Engineer for the project, Sacha has contributed a series of blogs that guide committers on creating a local development platform using Raspberry Pi for embedded computing.

The Ortelius community also welcomed new committers through its Hacktoberfest engagement, including an enthusiastic university student eager to gain hands-on experience in development and DevSecOps.

Furthermore, the team is proud to report a 50-50 gender ratio in regular meetings. This milestone reflects the project’s commitment to fostering a diverse open-source community that remains independent of major tech companies for code contributions and outreach support. All in all, 2024 was a great year for the project. The project’s goal for 2025 is to build adoption of the platform and service the Jenkins community by adding continuous vulnerability management to existing CI/CD pipelines. 

Spinnaker

• Migration to Java 17: Over the past year, Spinnaker transitioned all services to Java 17. This upgrade improves performance, security, and compatibility with modern Java features. As a long-term support (LTS) release, Java 17 ensures that Spinnaker stays up-to-date with the latest advancements and provides a strong foundation for future development.
• Pipeline Execution Compression: To address the challenges of managing large-scale pipelines, we introduced pipeline execution compression. This feature reduces the storage space required for pipeline executions stored in SQL and improves performance when working with high volumes of executions. Users can also configure compression settings to optimize their storage usage based on their specific needs.
• Enhanced Kubernetes Deployments with Label Selectors: Kubernetes support in Spinnaker was improved with the addition of label selectors for deploy manifest stages. This feature allows users to target specific resources more precisely during deployments, offering greater flexibility and control for teams working with Kubernetes-based infrastructure.
• Retry Mechanism for Kubernetes Deployments: A retry mechanism was added for Kubernetes DeployManifestTask tasks to handle cases where Clouddriver fails before completing a task. This ensures deployments are more resilient to transient issues and reduces the likelihood of failed deployments due to temporary errors.
• Spring Boot Upgrades: Incremental upgrades to Spring Boot over the past year have brought Spinnaker’s backend services to version 2.7.18. These updates provide improved security, better performance, and access to new features, helping maintain a stable and reliable platform.

Tekton

The Tekton Pipelines project released a new long-term support (LTS) release v0.65.0. Moving forward, all new releases will be hosted on the GitHub container registry ghcr.io. New releases are available from the Tekton projects as well:

• Triggers v0.29.1 LTS
• Chains v0.22.2
• Results v0.12.1
• Dashboard v0.52 LTS
• CLI v0.38.1
• Operator v0.73.1 LTS

In the second half of the year, the project focused on feature improvements and security fixes across the various projects.

The Tekton project applied to move to the CNCF and is awaiting approval.